Описание
Security update for libsoup2
This update for libsoup2 fixes the following issues:
- CVE-2025-32049: denial of Service attack to websocket server (bsc#1240751).
- CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120).
- CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170).
- CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP7
libsoup-2_4-1-2.74.3-150600.4.27.1
libsoup2-devel-2.74.3-150600.4.27.1
libsoup2-lang-2.74.3-150600.4.27.1
typelib-1_0-Soup-2_4-2.74.3-150600.4.27.1
SUSE Linux Enterprise Server 15 SP6-LTSS
libsoup-2_4-1-2.74.3-150600.4.27.1
libsoup2-devel-2.74.3-150600.4.27.1
libsoup2-lang-2.74.3-150600.4.27.1
typelib-1_0-Soup-2_4-2.74.3-150600.4.27.1
SUSE Linux Enterprise Server for SAP Applications 15 SP6
libsoup-2_4-1-2.74.3-150600.4.27.1
libsoup2-devel-2.74.3-150600.4.27.1
libsoup2-lang-2.74.3-150600.4.27.1
typelib-1_0-Soup-2_4-2.74.3-150600.4.27.1
openSUSE Leap 15.6
libsoup-2_4-1-2.74.3-150600.4.27.1
libsoup-2_4-1-32bit-2.74.3-150600.4.27.1
libsoup2-devel-2.74.3-150600.4.27.1
libsoup2-devel-32bit-2.74.3-150600.4.27.1
libsoup2-lang-2.74.3-150600.4.27.1
typelib-1_0-Soup-2_4-2.74.3-150600.4.27.1
Ссылки
- Link for SUSE-SU-2026:0657-1
- E-Mail link for SUSE-SU-2026:0657-1
- SUSE Security Ratings
- SUSE Bug 1240751
- SUSE Bug 1258120
- SUSE Bug 1258170
- SUSE Bug 1258508
- SUSE CVE CVE-2025-32049 page
- SUSE CVE CVE-2026-2369 page
- SUSE CVE CVE-2026-2443 page
- SUSE CVE CVE-2026-2708 page
Описание
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-lang-2.74.3-150600.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.27.1
Ссылки
- CVE-2025-32049
- SUSE Bug 1240751
- SUSE Bug 1250562
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-lang-2.74.3-150600.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.27.1
Ссылки
- CVE-2026-2369
- SUSE Bug 1258120
Описание
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-lang-2.74.3-150600.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.27.1
Ссылки
- CVE-2026-2443
- SUSE Bug 1258170
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-lang-2.74.3-150600.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.27.1
Ссылки
- CVE-2026-2708
- SUSE Bug 1258508